Bug 1885652 - Add Enterprise Policies setting to allow installing XPI files signed using deprecated signatures algorithms. r=mkaply,willdurand

Differential Revision: https://phabricator.services.mozilla.com/D204814
2024-11-24 05:11:16 +00:00 · 2024-03-27 20:34:18 +00:00 · 2024-03-27 20:34:18 +00:00 · 4b62f693f8
commit 4b62f693f8
parent c145757c68
4 changed files with 150 additions and 8 deletions
--- a/browser/components/enterprisepolicies/schemas/policies-schema.json
+++ b/browser/components/enterprisepolicies/schemas/policies-schema.json
@ -662,6 +662,9 @@
              "items": {
                "type": "string"
              }
+            },
+            "temporarily_allow_weak_signatures": {
+              "type": "boolean"
            }
          }
        }
@ -691,6 +694,9 @@
            "default_area": {
              "type": "string",
              "enum": ["navbar", "menupanel"]
+            },
+            "temporarily_allow_weak_signatures": {
+              "type": "boolean"
            }
          }
        }
--- a/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js
+++ b/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js
@ -21,7 +21,7 @@ let themeID = "policytheme@mozilla.com";

 let fileURL;

-add_task(async function setup() {
+add_setup(async function setup() {
  await AddonTestUtils.promiseStartupManager();

  let webExtensionFile = AddonTestUtils.createTempWebExtensionFile({
@ -34,6 +34,10 @@ add_task(async function setup() {
    },
  });

+  server.registerFile(
+    "/data/amosigned-sha1only.xpi",
+    do_get_file("amosigned-sha1only.xpi")
+  );
  server.registerFile("/data/policy_test.xpi", webExtensionFile);
  fileURL = Services.io
    .newFileURI(webExtensionFile)
@ -289,3 +293,112 @@ add_task(async function test_addon_normalinstalled_file() {

  await addon.uninstall();
 });
+
+add_task(async function test_allow_weak_signatures() {
+  // Make sure weak signatures are restricted.
+  const resetWeakSignaturePref =
+    AddonTestUtils.setWeakSignatureInstallAllowed(false);
+
+  const id = "amosigned-xpi@tests.mozilla.org";
+  const perAddonSettings = {
+    installation_mode: "normal_installed",
+    install_url: BASE_URL + "/amosigned-sha1only.xpi",
+  };
+
+  info(
+    "Sanity check: expect install to fail if not allowed through enterprise policy settings"
+  );
+  await Promise.all([
+    AddonTestUtils.promiseInstallEvent("onDownloadFailed"),
+    setupPolicyEngineWithJson({
+      policies: {
+        ExtensionSettings: {
+          [id]: { ...perAddonSettings },
+        },
+      },
+    }),
+  ]);
+  let addon = await AddonManager.getAddonByID(id);
+  equal(addon, null, "Add-on not installed");
+
+  info(
+    "Expect install to be allowed through per-addon enterprise policy settings"
+  );
+  await Promise.all([
+    AddonTestUtils.promiseInstallEvent("onInstallEnded"),
+    setupPolicyEngineWithJson({
+      policies: {
+        ExtensionSettings: {
+          [id]: {
+            ...perAddonSettings,
+            temporarily_allow_weak_signatures: true,
+          },
+        },
+      },
+    }),
+  ]);
+  addon = await AddonManager.getAddonByID(id);
+  notEqual(addon, null, "Add-on not installed");
+  await addon.uninstall();
+
+  info(
+    "Expect install to be allowed through global enterprise policy settings"
+  );
+  await Promise.all([
+    AddonTestUtils.promiseInstallEvent("onInstallEnded"),
+    setupPolicyEngineWithJson({
+      policies: {
+        ExtensionSettings: {
+          "*": { temporarily_allow_weak_signatures: true },
+          [id]: { ...perAddonSettings },
+        },
+      },
+    }),
+  ]);
+  addon = await AddonManager.getAddonByID(id);
+  notEqual(addon, null, "Add-on installed");
+  await addon.uninstall();
+
+  info(
+    "Expect install to fail if allowed globally but disallowed by per-addon settings"
+  );
+  await Promise.all([
+    AddonTestUtils.promiseInstallEvent("onDownloadFailed"),
+    setupPolicyEngineWithJson({
+      policies: {
+        ExtensionSettings: {
+          "*": { temporarily_allow_weak_signatures: true },
+          [id]: {
+            ...perAddonSettings,
+            temporarily_allow_weak_signatures: false,
+          },
+        },
+      },
+    }),
+  ]);
+  addon = await AddonManager.getAddonByID(id);
+  equal(addon, null, "Add-on not installed");
+
+  info(
+    "Expect install to be allowed through per addon setting when globally disallowed"
+  );
+  await Promise.all([
+    AddonTestUtils.promiseInstallEvent("onInstallEnded"),
+    setupPolicyEngineWithJson({
+      policies: {
+        ExtensionSettings: {
+          "*": { temporarily_allow_weak_signatures: false },
+          [id]: {
+            ...perAddonSettings,
+            temporarily_allow_weak_signatures: true,
+          },
+        },
+      },
+    }),
+  ]);
+  addon = await AddonManager.getAddonByID(id);
+  notEqual(addon, null, "Add-on installed");
+  await addon.uninstall();
+
+  resetWeakSignaturePref();
+});
--- a/browser/components/enterprisepolicies/tests/xpcshell/xpcshell.toml
+++ b/browser/components/enterprisepolicies/tests/xpcshell/xpcshell.toml
@ -2,7 +2,10 @@
 skip-if = ["os == 'android'"] # bug 1730213
 firefox-appdir = "browser"
 head = "head.js"
-support-files = ["policytest_v0.1.xpi"]
+support-files = [
+  "policytest_v0.1.xpi",
+  "../../../../../toolkit/mozapps/extensions/test/xpinstall/amosigned-sha1only.xpi"
+]

 ["test_3rdparty.js"]

--- a/toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs
+++ b/toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs
@ -1655,19 +1655,39 @@ class AddonInstall {
          this.addon.signedDate &&
          !hasStrongSignature(this.addon)
        ) {
-          // Reject if it is a new install or installing over an existing addon including
-          // strong cryptographic signatures.
-          if (!this.existingAddon || hasStrongSignature(this.existingAddon)) {
+          const addonAllowedByPolicies = Services.policies.getExtensionSettings(
+            this.addon.id
+          )?.temporarily_allow_weak_signatures;
+
+          const globallyAllowedByPolicies =
+            Services.policies.getExtensionSettings(
+              "*"
+            )?.temporarily_allow_weak_signatures;
+
+          const allowedByPolicies =
+            (globallyAllowedByPolicies &&
+              (addonAllowedByPolicies || addonAllowedByPolicies == null)) ||
+            addonAllowedByPolicies;
+
+          if (
+            !allowedByPolicies &&
+            (!this.existingAddon || hasStrongSignature(this.existingAddon))
+          ) {
+            // Reject if it is a new install or installing over an existing addon including
+            // strong cryptographic signatures.
            return Promise.reject([
              AddonManager.ERROR_CORRUPT_FILE,
              "install rejected due to the package not including a strong cryptographic signature",
            ]);
          }

-          // Still allow installs using weak signatures to install if the existing addon also had a
-          // weak signature.
+          // Still allow installs using weak signatures to install if either:
+          // - it is explicitly allowed through Enterprise Policies Settings
+          // - or there is an existing addon with a weak signature.
          logger.warn(
-            `Allow weak signature install over existing "${this.existingAddon.id}" XPI`
+            allowedByPolicies
+              ? `Allow weak signature install for ${this.addon.id} XPI due to Enterprise Policies`
+              : `Allow weak signature install over existing "${this.existingAddon.id}" XPI`
          );
        }
      }